AWS S3 download fails when using KMS encrypted objects

[chris-smith-zocdoc]

Describe the bug

When using KMS encrypted objects, S3 requires the use of sigv4 credential signing

To reproduce, upload an object using a customer managed kms key

aws s3 cp foo.txt s3://bucket/foo.txt --sse aws:kms --sse-kms-key-id <key_id>

and try to download it using a file source

file(
    name="s3_file",
    source=http_source(
        url="s3://bucket/foo.txt",
        len=123,
        sha256="sha",
    )
)

run_shell_command(
    name="list_files",
    command="ls -lah {chroot}",
    execution_dependencies=[":s3_file"],
)

pants run :list_files

Produces an error like

IntrinsicError: Client error (400) downloading file foo.txt from https://bucket.s3.amazonaws.com/foo.txt

Pants version
2.24.1

OS
Both

Additional info
toml to enable the backend

[GLOBAL]
pants_version = "2.24.1"
backend_packages = [
    "pants.backend.shell",
    "pants.backend.url_handlers.s3",
]
plugins = [
    'botocore==1.34.135'
]

[chris-smith-zocdoc]

This is the relevant signing code in the existing s3 handler

pants/src/python/pants/backend/url_handlers/s3/register.py

Line 91 in dd87b85

signer.add_auth(http_request)

We have a fix for this in our plugin I can push shortly, my main question is do we want to drop the old signing method an only use v4?

[chris-smith-zocdoc]

The response from S3 using the existing HmacV1Auth signing is

<Error><Code>InvalidArgument</Code><Message>Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>null</ArgumentValue><RequestId>123</RequestId><HostId>456</HostId></Error>